CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9821 vulnerabilities reference this CWE, most recent first.
GHSA-J9X8-8C7Q-XW4M
Vulnerability from github – Published: 2024-12-10 21:30 – Updated: 2024-12-10 21:30Photoshop Desktop versions 26.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-52997"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-10T21:15:19Z",
"severity": "HIGH"
},
"details": "Photoshop Desktop versions 26.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-j9x8-8c7q-xw4m",
"modified": "2024-12-10T21:30:53Z",
"published": "2024-12-10T21:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52997"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/photoshop/apsb24-101.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JC2V-H6MW-MJWP
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2022-10-14 12:00This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8231.
{
"affected": [],
"aliases": [
"CVE-2019-6772"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-03T19:29:00Z",
"severity": "MODERATE"
},
"details": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8231.",
"id": "GHSA-jc2v-h6mw-mjwp",
"modified": "2022-10-14T12:00:25Z",
"published": "2022-05-24T16:47:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6772"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-446"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JC2X-6MPJ-Q5VM
Vulnerability from github – Published: 2022-07-22 00:00 – Updated: 2022-07-27 00:00Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-0975"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-21T23:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-jc2x-6mpj-q5vm",
"modified": "2022-07-27T00:00:45Z",
"published": "2022-07-22T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0975"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1295411"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JC37-WF52-X7M4
Vulnerability from github – Published: 2023-07-27 03:30 – Updated: 2024-04-04 06:22A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to execute arbitrary code with kernel privileges.
{
"affected": [],
"aliases": [
"CVE-2023-35993"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-27T01:15:32Z",
"severity": "HIGH"
},
"details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to execute arbitrary code with kernel privileges.",
"id": "GHSA-jc37-wf52-x7m4",
"modified": "2024-04-04T06:22:59Z",
"published": "2023-07-27T03:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35993"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213841"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213842"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213843"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213844"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213845"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213846"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213848"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JC3C-7CRW-RHQ4
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-21191"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-16T15:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-jc3c-7crw-rhq4",
"modified": "2022-05-24T17:44:38Z",
"published": "2022-05-24T17:44:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21191"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1167357"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202104-08"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4886"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JC59-87WQ-G5XP
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
{
"affected": [],
"aliases": [
"CVE-2019-7221"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-21T16:01:00Z",
"severity": "HIGH"
},
"details": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.",
"id": "GHSA-jc59-87wq-g5xp",
"modified": "2022-05-13T01:14:42Z",
"published": "2022-05-13T01:14:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7221"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3932-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3932-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3931-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3931-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3930-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3930-1"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190404-0002"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JC5W-M29H-G88W
Vulnerability from github – Published: 2025-02-27 03:34 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: bsg: Set bsg_queue to NULL after removal
Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after removing it to prevent potential use-after-free (UAF) access.
{
"affected": [],
"aliases": [
"CVE-2024-54458"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-27T03:15:10Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: bsg: Set bsg_queue to NULL after removal\n\nCurrently, this does not cause any issues, but I believe it is necessary to\nset bsg_queue to NULL after removing it to prevent potential use-after-free\n(UAF) access.",
"id": "GHSA-jc5w-m29h-g88w",
"modified": "2026-07-14T15:31:16Z",
"published": "2025-02-27T03:34:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54458"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1e95c798d8a7f70965f0f88d4657b682ff0ec75f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22018622e1e9e371198dbd983af946a844d5924c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5e7b6e44468c3242c21c2a8656d009fb3eb50a73"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f782d4741bf558def60df192b858b0efc6a5f0a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/88a01e9c9ad40c075756ba93b47984461d4ff15d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9193bdc170cc23fe98aca71d1a63c0bf6e1e853b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb4783c670180b922267222408e1c48d22dfbb46"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JC8X-C98X-36VW
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the desc property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6471.
{
"affected": [],
"aliases": [
"CVE-2018-17635"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-24T04:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the desc property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6471.",
"id": "GHSA-jc8x-c98x-36vw",
"modified": "2022-05-13T01:33:59Z",
"published": "2022-05-13T01:33:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17635"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1177"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JC9R-G3MJ-XMWH
Vulnerability from github – Published: 2025-02-27 21:32 – Updated: 2025-02-27 21:32In the Linux kernel, the following vulnerability has been resolved:
srcu: Tighten cleanup_srcu_struct() GP checks
Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does not check for a grace period that has not yet started but which might start at any time. Such a situation could result in a use-after-free bug, so this commit adds a check for a grace period that is needed but not yet started to cleanup_srcu_struct().
{
"affected": [],
"aliases": [
"CVE-2022-49651"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:40Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsrcu: Tighten cleanup_srcu_struct() GP checks\n\nCurrently, cleanup_srcu_struct() checks for a grace period in progress,\nbut it does not check for a grace period that has not yet started but\nwhich might start at any time. Such a situation could result in a\nuse-after-free bug, so this commit adds a check for a grace period that\nis needed but not yet started to cleanup_srcu_struct().",
"id": "GHSA-jc9r-g3mj-xmwh",
"modified": "2025-02-27T21:32:14Z",
"published": "2025-02-27T21:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49651"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8ed00760203d8018bee042fbfe8e076579be2c2b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e997dda6502eefbc1032d6b0da7b353c53344b07"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JCJF-6896-F99G
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
can: hi311x: hi3110_can_ist(): fix potential use-after-free
The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct operation (i. e. not bus-off).
The error count information added to the CAN frame after netif_rx() is a potential use after free, since there is no guarantee that the skb is in the same state. It might be freed or reused.
Fix the issue by postponing the netif_rx() call in case of txerr and rxerr reporting.
{
"affected": [],
"aliases": [
"CVE-2024-56651"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T15:15:24Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: hi3110_can_ist(): fix potential use-after-free\n\nThe commit a22bd630cfff (\"can: hi311x: do not report txerr and rxerr\nduring bus-off\") removed the reporting of rxerr and txerr even in case\nof correct operation (i. e. not bus-off).\n\nThe error count information added to the CAN frame after netif_rx() is\na potential use after free, since there is no guarantee that the skb\nis in the same state. It might be freed or reused.\n\nFix the issue by postponing the netif_rx() call in case of txerr and\nrxerr reporting.",
"id": "GHSA-jcjf-6896-f99g",
"modified": "2025-11-03T21:31:58Z",
"published": "2024-12-27T15:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56651"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1128022009444faf49359bd406cd665b177cb643"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4ad77eb8f2e07bcfa0e28887d3c7dbb732d92cc1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ad86d377ef4a19c75a9c639964879a5b25a433b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bc30b2fe8c54694f8ae08a5b8a5d174d16d93075"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.